Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » ElevateDB Technical Support » Support Forums » ElevateDB General » View Thread |
Messages 1 to 6 of 6 total |
User privileges |
Wed, Dec 26 2007 5:50 AM | Permanent Link |
Roy Lambert NLH Associates Team Elevate | Tim
I want to create a user that ONLY has read privileges on Users. The logic is I want use ElevateDB's users but also to do my own logon dialog. I need a logon/password combo to allow me to read the users file so that I can make sure its a valid ID and display the user name before the password is entered and the database opened. I tried creating a user in EDBManager and not granting any privileges. I tested access to the database and its tables, that was allowed as was inserting a row, deleting a row etc. Looking at things I'm guessing a new user is given the role Public, but this isn't being properly tested in EDBManager. I know I won't get exactly what I want, but what's the nearest I can achieve? The logic by the way is that this the only password I want to code in clear in my app. Roy Lambert |
Wed, Dec 26 2007 6:11 AM | Permanent Link |
"Fons Neelen" | Hi Roy,
> Looking at things I'm guessing a new user is given the role Public, but > this isn't being properly tested in EDBManager. I can confirm from my own experience (using C/S setup) that new users are given the Public role. I just revoke it and grant them my own role. I have 2 roles: one in the Configuration database (using grant / revoke statement) and one mine database (which manages the rights in my app). The one in the Configuration database is hand made as well. > The logic by the way is that this the only password I want to code in > clear in my app. I use the Users table in the Configuration database (and therefore the password build in ElevateDB) as well as my own users table, which ofcourse has the same user name. So, the right to access the database (and my app) is handled by ElevateDB and using the user name linked to the rights in my app in a "My App Rights" table. I don't show a list of users. They simply need to type that in by themselfs (provides extra security) using my own login dialog and when the right combination of username and password is accepted by ElevateDB than I read from "My App Rights" table the others rights to setup what a user can or can't do. This is ofcourse all in a C/S setup, but should work using in fileserver mode as well. Best regards, Fons |
Wed, Dec 26 2007 6:47 AM | Permanent Link |
Roy Lambert NLH Associates Team Elevate | Fons
What you describe is pretty much what I want to do. I'm not going to be showing a list of users just that if they type in RL as user ID I like to display Roy Lambert before they enter the password and login. Roy Lambert |
Wed, Dec 26 2007 6:59 AM | Permanent Link |
"Fons Neelen" | Hi Roy,
> What you describe is pretty much what I want to do. I'm not going to be > showing a list of users just that if they type in RL as user ID I like to > display Roy Lambert before they enter the password and login. Ahhh, I understand now. But why? I see no real benifits and it only makes thing more complicated. I guess one way of achieving this, is to login at startup of your app as an administrator (all invisible to the user ofcourse) and get the list of ID's and user names from the Users table and store it in a StringList or memory table. That way you can lookup the ID and get the associated name when the user enters the ID. Maybe Tim knows some (smarter) way of doing this. Best regards, Fons |
Thu, Dec 27 2007 3:49 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Roy,
<< What you describe is pretty much what I want to do. I'm not going to be showing a list of users just that if they type in RL as user ID I like to display Roy Lambert before they enter the password and login. >> I wouldn't do that - it's a security risk because it gives a hacker a positive result when they get a valid user name. -- Tim Young Elevate Software www.elevatesoft.com |
Fri, Dec 28 2007 5:31 AM | Permanent Link |
Roy Lambert NLH Associates Team Elevate | Tim
>I wouldn't do that - it's a security risk because it gives a hacker a >positive result when they get a valid user name. Well, at least that gives me an out when I'm asked why I've changed things - its to improve security Roy Lambert |
This web page was last updated on Tuesday, April 30, 2024 at 03:55 PM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |